
my laptop is running VERY slowly of late. Suspect Malware running in


  • This topic is locked

#16
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts

Hello again Adam,

 

Please run a free online scan with the ESET Online Scanner

Vista / Win7 users: Right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator.

Windows 8 & 8.1 users may face another warning from the Windows SmartScreen Protection - please click More information and Run.

Note: This scan works with Internet Explorer or Mozilla FireFox.

If using Mozilla Firefox you may need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.

Disable your security programs.

  • Click the blue Run ESET Online Scanner box
  • Tick the box next to YES, I accept the Terms of Use
     then click on: Start
  • You may see a panel towards the top of the screen telling you the website wants to install an addon... click and allow/install to install. If your firewall asks whether you want to allow installation, say yes. If asked, click yes to allow the program to run on your computer.
  • Check "Enable detection of potentially unwanted applications"
  • Click on Start and say yes to allow the program to proceed.
  • The virus signature database will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed click "List of found threats" and click again on Copy to clipboard. Open Notepad and paste in the clipboard list. Save it as ESET log somewhere that you can find.
  • After that click the button "Back"
  • Select and check Uninstall application on close and Delete quarantined files.
  • Then click on: Finish
  • Copy and paste the ESET log back here and tell me how your machine is now.

 

 


  • 0



#17
AdamIsAdam

    Member

  • Topic Starter
  • Member
  • 191 posts

Having trouble completing ESET.  Not sure if I'm running out of time or it's stuck. Suggestions?  (see attached)

Attached Thumbnails

  • Capture.JPG

  • 0

#18
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts

Those scans can stop for periods (sometimes quite long) and appear to be doing nothing, then they just start again.

 

I find it's best to just close everything and leave it to do the job.

 

How long has it been running?


  • 0

#19
AdamIsAdam

    Member

  • Topic Starter
  • Member
  • 191 posts
I restarted it for the third time because the computer either went into hibernation or I had to move it to travel. It's gone for as much as 8-10+ hours.
  • 0

#20
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts

Well it can take several hours.

 

It does look like it's doing its job.

 

Let's give it another hour and then if it's not finished we can give it away.

 

Be nice for it to finish and go through the uninstall process smoothly. :)


  • 0

#21
AdamIsAdam

    Member

  • Topic Starter
  • Member
  • 191 posts

Well, I left it run as I went to sleep and it never finished.  Now what should we do?  It did find as many as 10 items one of the times it was running - I think none last time.  So perhaps it was actually removing the ones it found previously?


  • 0

#22
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts

It likely has quarantined what it found.

 

Time to leave that.

 

To uninstall ESET OnlineScanner

Go to Start and type in the Search programs and files box ESET

Click on the ESET folder

Right Click on OnlineScannerUninstaller and run as Administrator

Click yes to run

 

After that

 

Let's run System File Checker, just to make sure there is not some residual corruption somewhere that caused ESET to hang.

1. Open an elevated command prompt. To do this, go to Start > All Programs > Accessories, right-click Command Prompt and click Run as administrator. If you are prompted for an administrator password or for a confirmation, type the password, or click Allow.
2. At the command prompt, type the following command, and then press ENTER:
 
sfc /scannow

The sfc /scannow command scans all protected system files and replaces incorrect versions with correct Microsoft versions.
 

Come back and tell me how it went and how your machine is now.

 

 

 


  • 0

#23
AdamIsAdam

    Member

  • Topic Starter
  • Member
  • 191 posts

ok, did as instructed.  Got the following message (see attached screen capture)

 

Oh, and the machine is working fine as far as I can tell. 

Attached Thumbnails

  • Capture.JPG

Edited by AdamIsAdam, 25 May 2015 - 03:33 PM.

  • 0

#24
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts

I don't think there is a malware problem anymore.

Looks like there might be some minor corruption and we can have another look at that.

Firstly

To clear away the tools we have been using download Delfix from here. You will be taken to the download page. Just wait and shortly the download will appear.

Put a check (tick) in the following boxes:
 

  • Remove disinfection tools
  • Purge System Restore
  • Reset System Settings

    Then click Run

The tool will run for a short time. When completed a notepad window will open with a log. Please copy and paste the log back here.

Any remaining tools may be deleted.

After that

Download SFCFix.exe by niemiro and click on it to run.
A black panel will open.
Follow the prompts pressing the requisite keys to continue
Wait for completion, the tool will take a little time (runtime is approximately 15 minutes)
When finished, follow the prompt to create a summary of results; you will see notification of the result. If there are no corruptions please tell me. If there are some problems please copy and paste back here the complete logfile which will open on completion.
Simply copy (Ctrl-A, Ctrl-C) and paste (Ctrl-V) the entire logfile.

So when you return please post

  • Delfix log
  • SFCFix log

 


  • 0

#25
AdamIsAdam

    Member

  • Topic Starter
  • Member
  • 191 posts
EDIT: added second log file to this post:
--Adam
---------
 
 
# DelFix v1.010 - Logfile created 25/05/2015 at 17:51:13
# Updated 26/04/2015 by Xplode
# Username : Adam Rosenfeld - ADAMROSENFELD
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
 
~ Removing disinfection tools ...
 
Deleted : C:\Qoobox
Deleted : C:\_OTL
Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\RegBackup
Deleted : C:\Users\Adam Rosenfeld\Desktop\FRST-OlderVersion
Deleted : C:\AdwCleaner[S1].txt
Deleted : C:\ComboFix.txt
Deleted : C:\log.txt
Deleted : C:\TDSSKiller.2.8.16.0_30.10.2013_20.27.59_log.txt
Deleted : C:\TDSSKiller.3.0.0.14_30.10.2013_20.28.43_log.txt
Deleted : C:\Users\Adam Rosenfeld\Desktop\Addition.txt
Deleted : C:\Users\Adam Rosenfeld\Desktop\AdwCleaner.exe
Deleted : C:\Users\Adam Rosenfeld\Desktop\ComboFix.exe
Deleted : C:\Users\Adam Rosenfeld\Desktop\esetsmartinstaller_enu.exe
Deleted : C:\Users\Adam Rosenfeld\Desktop\Fixlog.txt
Deleted : C:\Users\Adam Rosenfeld\Desktop\FRST.txt
Deleted : C:\Users\Adam Rosenfeld\Desktop\FRST64.exe
Deleted : C:\Users\Adam Rosenfeld\Desktop\JRT.exe
Deleted : C:\Users\Adam Rosenfeld\Desktop\JRT.txt
Deleted : C:\Users\Adam Rosenfeld\Desktop\HijackThis.exe
Deleted : C:\Users\Adam Rosenfeld\Downloads\Extras.Txt
Deleted : C:\Users\Adam Rosenfeld\Downloads\hijackthis.log
Deleted : C:\Users\Adam Rosenfeld\Downloads\OTL.Txt
Deleted : C:\Users\Adam Rosenfeld\Downloads\OTL.exe
Deleted : C:\Windows\grep.exe
Deleted : C:\Windows\PEV.exe
Deleted : C:\Windows\NIRCMD.exe
Deleted : C:\Windows\MBR.exe
Deleted : C:\Windows\SED.exe
Deleted : C:\Windows\SWREG.exe
Deleted : C:\Windows\SWSC.exe
Deleted : C:\Windows\SWXCACLS.exe
Deleted : C:\Windows\Zip.exe
Deleted : HKLM\SOFTWARE\OldTimer Tools
Deleted : HKLM\SOFTWARE\AdwCleaner
Deleted : HKLM\SOFTWARE\Swearware
Deleted : HKLM\SOFTWARE\TrendMicro\Hijackthis
Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\combofix.exe
 
~ Cleaning system restore ...
 
Deleted : RP #481 [Windows Update | 05/21/2015 01:24:33]
Deleted : RP #482 [ComboFix created restore point | 05/23/2015 21:35:41]
 
New restore point created !
 
~ Resetting system settings ... OK
 
########## - EOF - ##########
 
second log file:
 
 
 
 
SFCFix version 2.4.3.0 by niemiro.
Start time: 2015-05-25 17:55:41.455
Microsoft Windows 7 Service Pack 1 - amd64
Not using a script file.
 
 
 
 
AutoAnalysis::
FIXED: Corruption at C:\Windows\winsxs\amd64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_6.1.7601.18839_none_fe0845bb1d97efda\utc.app.json has been successfully repaired from C:\Windows\winsxs\amd64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_6.1.7601.23040_none_fe7de82236c5fac8\utc.app.json.
FIXED: Corruption at C:\Windows\winsxs\amd64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_6.1.7601.18839_none_fe0845bb1d97efda\telemetry.ASM-WindowsDefault.json has been successfully repaired from C:\Windows\winsxs\amd64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_6.1.7601.23040_none_fe7de82236c5fac8\telemetry.ASM-WindowsDefault.json.
 
 
 
 
SUMMARY: All detected corruptions were successfully repaired.
AutoAnalysis:: directive completed successfully.
 
 
 
 
Successfully processed all directives.
SFCFix version 2.4.3.0 by niemiro has completed.
Currently storing 2 datablocks.
Finish time: 2015-05-25 18:00:07.907
----------------------EOF-----------------------

Edited by AdamIsAdam, 25 May 2015 - 04:01 PM.

  • 0
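For reading an SFCFix log like the one posted above, here is an added example (not part of the thread and not SFCFix's own code) that pulls each repaired file out of the `FIXED:` lines and compares the component version of the damaged copy with the version it was repaired from. It assumes only the `FIXED:` line shape seen in this log; the function names `split_store_path` and `parse_sfcfix` are hypothetical.

```python
import re

# Constructed input: AutoAnalysis lines and summary copied from the SFCFix log posted above.
SAMPLE_LOG = r"""AutoAnalysis::
FIXED: Corruption at C:\Windows\winsxs\amd64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_6.1.7601.18839_none_fe0845bb1d97efda\utc.app.json has been successfully repaired from C:\Windows\winsxs\amd64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_6.1.7601.23040_none_fe7de82236c5fac8\utc.app.json.
FIXED: Corruption at C:\Windows\winsxs\amd64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_6.1.7601.18839_none_fe0845bb1d97efda\telemetry.ASM-WindowsDefault.json has been successfully repaired from C:\Windows\winsxs\amd64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_6.1.7601.23040_none_fe7de82236c5fac8\telemetry.ASM-WindowsDefault.json.
SUMMARY: All detected corruptions were successfully repaired.
"""

FIXED_RE = re.compile(r"^FIXED: Corruption at (?P<target>.+?) has been "
                      r"successfully repaired from (?P<source>.+)\.$")

def split_store_path(path):
    """Split a WinSxS path into (component name, component version, file name).

    Store directories are named arch_name_publicKeyToken_version_culture_hash.
    """
    parts = path.split("\\")
    idx = [p.lower() for p in parts].index("winsxs")  # ValueError if not a store path
    _arch, rest = parts[idx + 1].split("_", 1)
    name, _token, version, _culture, _hash = rest.rsplit("_", 4)
    return name, version, parts[-1]

def parse_sfcfix(log):
    """Return repaired files, FIXED lines that did not parse, and the summary state."""
    repairs, unparsed = [], []
    lines = [ln.strip() for ln in log.splitlines()]
    for line in lines:
        m = FIXED_RE.match(line)
        try:
            if m:
                name, damaged, fname = split_store_path(m["target"])
                _, source, _ = split_store_path(m["source"])
                repairs.append({"component": name, "file": fname,
                                "damaged_version": damaged, "source_version": source,
                                "cross_version": damaged != source})
            elif line.startswith("FIXED:"):
                unparsed.append(line)
        except (ValueError, IndexError):  # path outside the store, or unexpected name
            unparsed.append(line)
    all_repaired = any(ln.startswith("SUMMARY: All detected corruptions were successfully repaired")
                       for ln in lines)
    return {"repairs": repairs, "unparsed": unparsed, "all_repaired": all_repaired}

if __name__ == "__main__":
    report = parse_sfcfix(SAMPLE_LOG)
    for r in report["repairs"]:
        print(f'{r["file"]}: {r["damaged_version"]} repaired from {r["source_version"]}')
    print("all repaired:", report["all_repaired"])
```

On this log both files are reported as repaired from build 6.1.7601.23040 of the same component into the 6.1.7601.18839 copy, and the summary line confirms nothing was left unrepaired.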



#26
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts

Hello again Adam,

 

Unless there are any other issues I think you are good to go now. :)

 

-------------------------------------------------------------------------------------------------------------------

A reminder:  Remember to (re-install if uninstalled during cleaning) update and turn back on any anti-malware programs you may have turned off during the cleaning process.
-------------------------------------------------------------------------------------------------------------------

Here are some things that I think are worth having a look at if you don't already know about them:

---------------------------------------------------------------------------------------------------------------------

It is good security practice to change your passwords to all your online accounts on a fairly regular basis; this is especially true after an infection. Refer to this Microsoft article Strong passwords: How to create and use them.

----------------------------------------------------------------------------------------------------------------------

So many of us use Facebook nowadays. Go here for a guide to Facebook security.

-----------------------------------------------------------------------------------------------------------------------

Java warning

Java is a popular point of entry to your computer for malicious programs. Unless you need it to run important software, the safest approach is to completely uninstall Java. Where you do require it, then the next safest option is to disable it in your browsers until you need it, then enable it.

How to disable Java in your web browser and How to unplug Java from the browser

If you do still need Java then regularly check that it is up to date. Older versions are the most vulnerable to malicious attack.
 

  • Download Java for Windows

    Reboot your computer.
    You also need to uninstall older versions of Java.

       
  • Click Start > Control Panel > Add or Remove Programs
       
  • Remove all Java updates except the latest one you have just installed.

--------------------------------------------------------------------------------------------------------------------

CryptoLocker Warning

There is a particularly nasty infection out there at the moment.

Go here for information about CryptoLocker Ransomware

Download CryptoPrevent free for home use.

--------------------------------------------------------------------------------------------------------------------

To help protect your computer in the future:



If you do not already have automatic updates set then it is recommended that you do set Windows to check, download and install your updates automatically.

    * Click Start > Control Panel > System and Security > Windows Update
    * Under Windows Update click on Turn automatic updating on or off
    * Check items shown to ensure you receive updates automatically. Click OK.

Be aware of what emails you open and websites you visit.

Go here for some good advice about how to prevent infection.

For some common sense advice about protecting your computer read How to boost your malware defense and protect your PC

A fun way to check your online safety literacy.

Quiz - getsafeonline

Have a safe and happy computing day!

 


  • 0

#27
AdamIsAdam

    Member

  • Topic Starter
  • Member
  • 191 posts

ok, I think we're good then.  Thanks!


  • 0

#28
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts

 

Thanks!

 

You are welcome. :happy:

 

I will keep this topic open for a day or two in case any issues arise.


  • 0

#29
AdamIsAdam

    Member

  • Topic Starter
  • Member
  • 191 posts

ok... thanks.  PayPal (and email) sent.

 

Adam


  • 0

#30
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts

Not necessary but very kind.

 

Nice to be appreciated.

 

Thank you. :)


  • 0





